Payload from command line not overwriting the stack


I'm sorry that this is unusually long; I just want the contributors to see what I have tried before posting.

My code:

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    void nevercalled(){
        printf("nevercalled");
    }

    void gadget1(char payload[]){
        char buff[16];
        strcpy(buff, payload);
    }

    int main(int argc, char** argv){
        gadget1(argv[1]);
        return 0;
    }

When I passed this command line argument: AAAABBBBCCCCDDDD\x19\x0c\x00\x60 and viewed the first 20 words, I got:

    0x603ffeb0: 0x41414141 0x42424242 0x43434343 0x44444444
    0x603ffec0: 0x3931785c 0x6330785c 0x3030785c 0x3036785c
    0x603ffed0: 0x603fff00 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffee0: 0x60000b9c 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffef0: 0x00000002 0x603fff00 0xe8e8e8e8 0xe8e8e8e8

Instead of something like this:

    0x603ffeb0: 0x41414141 0x42424242 0x43434343 0x44444444
    0x603ffec0: 0x60000c19 0x6330785c 0x3030785c 0x3036785c
    0x603ffed0: 0x603fff00 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffee0: 0x60000b9c 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffef0: 0x00000002 0x603fff00 0xe8e8e8e8 0xe8e8e8e8

I figured the payload which is stored in argv[1] is treated as a single string in the code above instead of as an array of characters. I confirmed that it is represented as "AAAABBBBCCCCDDDD\\x19\\x0c\\x00\\x60", which is not useful to me as it will reconvert the address to hexadecimal!

Just to be sure, I decided to pass the argument directly to confirm this (worked):

    int main(int argc, char** argv){
        gadget1("AAAABBBBCCCCDDDD\x19\x0c\x00\x60");
        return 0;
    }

    0x603ffeb0: 0x41414141 0x42424242 0x43434343 0x44444444
    0x603ffec0: 0x60000c19 0x60000b04 0xe8e8e8e8 0xe8e8e8e8
    0x603ffed0: 0x60000804 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffee0: 0x60000bb8 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffef0: 0x00000002 0x603fff00 0xe8e8e8e8 0xe8e8e8e8

In command line format (the headache 0x3931785c returns):

    int main(int argc, char** argv){
        gadget1("AAAABBBBCCCCDDDD\\x19\\x0c\\x00\\x60");
        return 0;
    }

    0x603ffeb0: 0x41414141 0x42424242 0x43434343 0x44444444
    0x603ffec0: 0x3931785c 0x6330785c 0x3030785c 0x3036785c
    0x603ffed0: 0x60000800 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffee0: 0x60000bc4 0xe8e8e8e8 0xe8e8e8e8 0xe8e8e8e8
    0x603ffef0: 0x00000002 0x603fff00 0xe8e8e8e8 0xe8e8e8e8

How do I prevent the payload in argv[1] from being processed as AAAABBBBCCCCDDDD\\x19\\x0c\\x00\\x60?

c
stack
microprocessors
hardware-programming
xtensa
asked on Stack Overflow Mar 4, 2020 by dbayoxy • edited Mar 4, 2020 by dbayoxy
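
Why the dumps above show 0x3931785c in one case and 0x60000c19 in the other, as an added example that is not part of the original post: it rebuilds both strings from the question and reads them back as little-endian 32-bit words, and counts the bytes `strcpy` writes for each. The names `as_typed`, `as_compiled`, `word_at` and `strcpy_bytes` are hypothetical, and little-endian byte order is assumed from the dump itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed copies of the two strings from the question (names are
 * hypothetical).
 * as_typed:    what argv[1] holds; backslash, 'x' and the two digits
 *              arrive as four ordinary characters per "escape".
 * as_compiled: the same text as a C literal; the compiler turns each
 *              \xNN escape into one byte. */
static const char as_typed[]    = "AAAABBBBCCCCDDDD\\x19\\x0c\\x00\\x60";
static const char as_compiled[] = "AAAABBBBCCCCDDDD\x19\x0c\x00\x60";

/* Read 4 bytes at buf+off as a little-endian 32-bit word, matching the
 * word view of the memory dumps. Caller keeps off+3 inside the array. */
uint32_t word_at(const char *buf, size_t off)
{
    const unsigned char *p = (const unsigned char *)buf + off;
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bytes strcpy() writes for s: everything up to and including the
 * first NUL byte. */
size_t strcpy_bytes(const char *s)
{
    return strlen(s) + 1;
}

int main(void)
{
    printf("argv text: strcpy writes %zu bytes\n", strcpy_bytes(as_typed));
    for (size_t off = 16; off + 4 < sizeof as_typed; off += 4)
        printf("  +%zu: 0x%08x\n", off, (unsigned)word_at(as_typed, off));

    printf("C literal: strcpy writes %zu bytes\n", strcpy_bytes(as_compiled));
    printf("  +16: 0x%08x\n", (unsigned)word_at(as_compiled, 16));
    return 0;
}
```

In the compiled literal the `\x00` escape is a real NUL, so `strcpy` stops after 19 bytes and the trailing `0x60` byte of the literal is never copied.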

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0